Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ddm4-j52m-efcy
Vulnerability ID VCID-ddm4-j52m-efcy
Aliases CVE-2009-0801
Summary Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2009-0801
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2009-0801
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0801.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0801
488502 https://bugzilla.redhat.com/show_bug.cgi?id=488502
521053 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521053
GLSA-201309-22 https://security.gentoo.org/glsa/201309-22
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.10926
EPSS Score 0.00036
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:11:23.722175+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0